The #GDPR? Which zoo animal are you?

I’ve been cheekily comparing the positions organisations are taking with regard to the GDPR to different zoo animals.

What I am seeing is organisations, regardless of where they are in the world, broadly falling into one of four pots: the Ostriches, the Swans, the Tree Frogs and the Lions.

The Ostriches are burying their heads and hoping the entire regulation simply does not apply to them. This seems to be true of many organisations homed outside of the EU – they’re convinced there is ‘nothing to see here’ and are carrying on regardless. These guys need to be worried.

The Swans are putting on a brave face whilst madly scrambling behind the scenes to pay the information ‘taxes’ they have not been paying as they go along. They’re trying to gather, audit, classify and generally get a grip on the information they have, why they have it and where it is. They’re the most engaged but they’ve got a sweat on behind closed doors.

The Tree Frogs are calm. They’re sat there on their branch just chirping ‘compliant!’ every few minutes. In some cases they do genuinely get it: they’ve been through the process to understand their compliance/risk position and they’re pretty chilled. In other cases, they just have not understood the obligations (and the risks) and think they’re all good. In many cases this belief has been driven by what they’re being told by IT partners and vendors. Most of these guys are actually Ostriches; they just don’t know it. Therapy anyone?

The final group – the Lions – are the ones that are just backed into a corner and are lashing out at anybody within paw’s reach. They hate the EU, they hate information, they hate consultants trying to help them – they’re lashing out while secretly hoping the whole thing will just go away. Trouble is, it won’t go away. No matter how much you cross your paws and roar, the GDPR is arriving in May 2018.

What kind of zoo animal are you?

Let me know in the comments!

more to follow…

1 Comment

Nick
on March 1, 2018 at 6:17 pm

Hi Seb,
I enjoyed listening to your GDPR and you podcast on 18 October.
May I ask a question involving a potential scenario in “the right to data portability” introduced by Article 20 of the GDPR?
If I, as a data subject, ask an organisation that manages investment funds on my behalf to transmit my personal data to another controller (i.e., another organisation to manage my funds) without hindrance, is the existing data controller permitted to demand payment of an exit fee? In this case, the data controller is demanding an exit fee equivalent to about 60/70% of the total value of the portfolio.
Essentially, what happens when the main thesis of Article 20 “contravenes” a contract between a data subject and a data controller, in this case over exit fees?
In Patrick O’Kane’s book on GDPR, page 4, he cites an example of Kate who wants to change banks and take all her financial records with her, meaning the old bank must transfer the records in a way that is easy for the new bank to use. Does that mean financial balances/transactions/funds etc. are considered personal data? Does the “without hindrance” spell the end of exit/admin fees etc.?
Many thanks!